Dear Joe, On Sat, 16 Jan 2021 at 21:29, Joseph Salowey <j...@salowey.net> wrote:
> We've only had one review in response to the last call so far, I'd like > to see a few more reviews of this document before moving it forward. Are > there any volunteers who can commit to a review in the near future? > I've reviewed and have only a handful of minor comments. Section 1, opening: Password and key comparison seems rather weak, unless low-entropy PSKs are used. If low-entropy PSKs are a focus, then perhaps make this clearer, which will simultaneously strengthen the comparison. Section 4, "These keys do not provide protection of endpoint identities (see Section 5), nor do they provide non-repudiation (one endpoint in a connection can deny the conversation)": Perhaps relate to other modes of TLS which do provide such protection. Section 4, "If this assumption is violated": The assumption has two aspects, namely, "each PSK is known to exactly one client and one server" and "these never switch roles." The following paragraph explains what happens if each PSK is known to more than one client, server, or both. But what if roles are switched? Whilst maintaining the former aspect of the assumption. Section 4, "then the security properties of TLS are severely weakened": Perhaps add "as explained below" or similar. Best regards, Ben
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
